What do you do when you just increased security in your app? You make it even better!

  • Introducing Trackman Up. A monthly service that adapts your Rails application security to the future.
  • Focus on the long-term success of your web app and dev team.
  • Take the weight of the necessary evil off your team's shoulders.

Improving security takes time, big changes are expensive

Wouldn't it be great if you could just install security as those scanners promise?

In reality, you know that security takes time. There are new types of attacks, software vulnerabilities and browser changes every month. You and your team find security problems, they need fixing.

And that's only to keep up. There's no time left to think about strategies. Or to implement that useful security feature that you saw somewhere. But is it worth it? And can we get it right the first time around?

Imagine never having another security headache again...

Security has many facets:

  • Security awareness so we don't introduce new vulnerabilities in the code
  • Keeping up with new attacks and Rails, gem and software security
  • Automatic tests to keep the standard
  • Hardening security with modern means
  • Evaluate security best practices in new features

But where to start? Where are the current weak points? And what should be my next steps? Wouldn't it be great if these things sort of took care of themselves? At least to some extent?

I want to be your external Product Security specialist

Together we'll improve all the different aspects of security, month by month. Realistically, you're in the middle of something right now and more big todo items are the last thing you need.

I'll make it as easy as possible for you to keep up with security and increase security according to your vision.

Who is this for?

You spent a lot of time with security already, you're pretty confident it's not bad at all. The automatic security test tool reports no significant problems. Everything works and you could do this all by yourself, why do you need someone else?

Because you and your team discuss, learn about, keep up with and test security a couple of times a year. This service could walk that up to monthly and make it a high priority. And it won't interfere with business as usual.

Do you think security is part of the long-term success of your web application? Then we're on the same page.

I'll keep up with security for you, review pull-requests with a security hat on and do all useful automatic tests. I provide code, guides, and advice so that you can make informed decisions. We'll launch the changes with your team and keep you updated. Also, I'm keeping up with security documentation and awareness with your team.

But who are you?

Heiko Webers here. I'm a developer, trainer and white-hat hacker, working with Rails security since 2007. I'm running a small business and SaaS applications, just like you. So I generally understand the challenges and possibilities.

Do you know your stuff?

I wrote the original Rails security guide and started the Rails Security Project. In 2015 another book, the Rails security strategy. I've conducted countless Rails security audits for many well-known Rails applications. And you'll benefit from that experience as well.

Not the typical consulting offer

This is aimed at long-term success. You and your team keep all the knowledge that you get during this project. Security audits give you an overview of where the weak points are right now. But I know that the job isn't done with a report. So I'm making myself available to deliver the best possible result at a far lower price point than my usual day rate.

What will you get?

Code review

I'll spend time every month reviewing security in the code changes. Ideally, we'd start with a security audit to know the current weak points, but that's not a must.

Engaging online courses...

...for all relevant security topics, from beginner to advanced stage. New and current team members will be on the same page quicker.

"This is how we do security here"

We'll develop "this is how we do security here" foundation rules with your team.

I'll keep you posted

There are security news, software updates, new vulnerabilities or browser changes every month.

Automatic security

I'm running all useful automatic security test tools and will develop more for your needs.

Security dashboard

Your personal security dashboard with reports and results for every month. See on the right.

Security evaluation

Want me to evaluate an approach or have a question? Mention me on Github or add me to your messenger.

Example of the Trackman Up web UI (monthly Ruby on Rails security)

This isn't for everyone

This is for you if any of this sounds like you:

  • You're a small to mid-sized self-funded (or otherwise sustainable) business.
  • You're interested in the long-term success & security of your web application.
  • You make code changes quickly.
  • You can add me as a read-only team member on Github (or similar). I'll work best if I get access to the code. It doesn't have to be right from the beginning, but it will give you fewer things to worry about. We can set up an NDA if you like.

If you run a bigger business, I assume you already have someone on staff to take care of this. If not, please get in touch and we'll figure something out.

Make security a top-priority

Get started with Trackman Up today!


Talking to us is risk-free.